On Saturday, March 01, 2014 04:18:11 AM Anthony Messina wrote:
> I've been waiting patiently for F20 to "settle" before upgrading my two VM 
> installations of FreeIPA:
> ipa1 (original master)
> ipa2 (clone)
> I'm considering doing a "yum upgrade" this weekend and was wondering if any 
> users had found any "gotchas"?  One that I can think of is the addition of
> the following in F20's default /etc/krb5.conf:
> [libdefaults]
>   ...
>   default_ccache_name = KEYRING:persistent:%{uid}
>   ...
> I've seen on some of my freshly installed F20 FreeIPA clients that this
> option  is no longer present after ipa-client-install.  On those clients,
> I've manually added it post client install and things seem to work OK with
> the exception of SELinux errors reported here:
> https://bugzilla.redhat.com/show_bug.cgi?id=1001703
> Should I place this option in /etc/krb5.conf on the masters before/after
> the  yum upgrade (or at all)?
> Should I run "ipactl stop" prior to running the yum upgrade?
> Of note, I'm considering the "yum upgrade" option rather than creating F20 
> replicas of F19 masters due to:
> https://fedorahosted.org/pki/ticket/816
> https://fedorahosted.org/389/ticket/47721
> Any guidance is appreciated.  Thanks, and have a good weekend.
> -A

I can report to the list that I've upgraded my ipa1 and ipa2 machines from F19 
to F20 via "yum upgrade" in SELinux permissive mode and things went 

As far as my concerns above, I added the following to /etc/krb5.conf after the 
upgrade, but before the reboot:

default_ccache_name = KEYRING:persistent:%{uid}

And I did not issue "ipactl stop" prior to the upgrade.

The only post-upgrade issue I am seeing is invalid characters passed to dirsrv 
queries when using FreeIPA web interface:


Thanks again to the FreeIPA team!


Anthony - http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E

Attachment: signature.asc
Description: This is a digitally signed message part.

Freeipa-users mailing list

Reply via email to